========================================================================
                           E P I C  A l e r t
========================================================================
Volume 13.19                                          September 22, 2006
------------------------------------------------------------------------

                            Published by the
               Electronic Privacy Information Center (EPIC)
                            Washington, D.C.

             http://www.epic.org/alert/EPIC_Alert_13.19.html


========================================================================
Table of Contents
========================================================================
[1] Voting ID Requirements Struck in Missouri
[2] Privacy and Security Flaws Imperil Transit Worker ID Program
[3] International Consumer Groups Urge US, EU to Protect Passenger Data
[4] EPIC Urges US to Stop Surveillance Tech Exports
[5] DC Residents Speak Up for Crime Prevention
[6] News in Brief
[7] EPIC Bookstore: "Privacy, Information, and Technology"
[8] Upcoming Conferences and Events

========================================================================
[1] Voting ID Requirements Struck in Missouri
========================================================================

On September 14, a Missouri trial court struck down a state law
requiring voters to present a government-issued photo ID at the polls.
Judge Richard Callahan of Cole County Circuit Court found that the law
violated the Missouri constitution, since it denied the right to vote to
those who Citizens of the state had challenged the new law, arguing that
its restrictions denied the right to vote to those who could not afford
to obtain such IDs.

In 2005, the state expanded the number of documents required to
obtain a driver's license or ID card. The 2005 law required applicants to
prove lawful presence, identity, and residence. Although the state did
not charge for ID cards themselves, applicants for an ID must spend
money on documents required to obtain the ID. Lawful presence, for
example, could be established with a US passport ($97-$236) or a birth
certificate with an embossed or raised seal by the issuing state or
municipality ($15-$30). For citizens born abroad, the cost for voting
would have been even greater.

The court also noted that there had been no complaints of voter fraud
under the previous voting law, which did not require a government-issued
photo ID.

Two other states have addressed voter ID requirements in recent weeks.
On September 19, Georgia's third attempt at a voter photo ID requirement
for the state's special election was also declared unconstitutional by a
federal court judge. A federal judge in Arizona, however, allowed a
state ID requirement to stand one day before its first use during a
statewide primary election. On September 11, U.S. District Judge Roslyn
O. Silver refused to halt enforcement of the new law's application,
requesting additional briefs and scheduling a hearing for October 19,
but without providing the reasoning for her decision. Arizona's new law,
enacted as a result of a ballot initiative in 2004, imposes proof of
citizenship requirements on voters both during the registration process
and on Election Day.

According to the National Conference of State Legislatures, 24 states
have some form of ID requirement, while only seven require a photo ID.
This list does not include the state of Georgia, due to the court
decisions earlier this year. 

Some federal lawmakers are pressing for similar requirements, however.
The US House of Representatives passed H.R. 4844, the Federal Election
Integrity Act, by a vote of 228 to 196. This bill would require voters
to prove their citizenship and present photo ID prior to voting in any
federal election. The bill contains no funding, nor provisions for those
who might oppose photo ID documents due to religious beliefs. Currently
there is no document recognized as providing proof of citizenship.


Ruling in Missouri Case, Weinschenk v. Missouri (pdf):

     http://www.epic.org/privacy/voting/pdf_files/Misri_vot2.pdf

Complaint in Weinschenk v. Missouri (pdf):

     http://www.epic.org/privacy/voting/pdf_files/Misri_vot3.pdf

EPIC's Voting Page:

     http://www.epic.org/privacy/voting


========================================================================
[2] Privacy and Security Flaws Imperil Transit Worker ID Program
========================================================================

Security and privacy problems have delayed the implementation of the
Transportation Worker Identification Credential program. TWIC is a
Homeland Security program designed to screen the backgrounds of and
issue biometric ID cards to the nation's 750,000 air, land and sea
transportation workers.

TWIC was created in November 2002 as part of maritime security
legislation, but the pilot program was delayed for two years. In that
time, its cost has nearly doubled from $12 million to $23 million, even
though only 4,000 of the planned 200,000 cards were issued through a
pilot program. Under TWIC, Homeland Security would gather finger scans,
iris scans, digital photographs and detailed biographical, employment
and other personal data from those hoping to work in the transportation
industry. The applicants' names would then be run against immigration
and terror watch lists.

EPIC has previously reported about the mistakes and problems associated
with terror watch lists. Often innocent people are on or have similar
names to those on the lists, and it is difficult to correct the lists.
Sen. Ted Kennedy was matched to a name on the list, and he could only
resolve the problem with the help of then-Homeland Security Secretary
Tom Ridge. The lists are also bloated -- they were revealed to include
325,000 names.

The Inspector General for the Department of Homeland Security released a
report in July titled "DHS Must Address Significant Security
Vulnerabilities Prior To TWIC Implementation." The report said, "Due to
the number and significance of the weaknesses identified, TWIC prototype
systems are vulnerable to various internal and external security
threats." The security problems must be rectified because they "may
threaten the confidentiality, integrity, and availability of sensitive
TWIC data," the report said.

Homeland Security has postponed the installation of TWIC card readers.
It is not known when or if the program will be fully implemented.

TSA's page on TWIC:

     http://www.tsa.gov/what_we_do/layers/twic/index.shtm

DHS Inspector General Report on TWIC (Redacted) (pdf):

     http://www.epic.org/redirect/dhs_ig_twic.html

EPIC's Biometric Identifiers page:

     http://www.epic.org/privacy/biometrics/

EPIC's National ID Cards and REAL ID Act page:

     http://www.epic.org/privacy/id_cards/


========================================================================
[3] International Consumer Groups Urge US, EU to Protect Passenger Data
========================================================================

The Transatlantic Consumer Dialogue (TACD), a coalition of US and EU
consumer groups, wrote to US and EU officials, urging them to include
privacy safeguards in air passenger data sharing agreements. Officials
in the US and EU are currently discussing the international sharing of
passenger name records (PNRs) between the travel industry and law
enforcement. United States Homeland Security Secretary Michael Chertoff
is seeking to expand the data that is available to US agencies, and to
share the data with more US agencies.

PNRs are data held by air carriers and travel agents collected during
booking. They can include passenger travel dates, home and work
addresses, payment details, members of party, meal preferences (such as
whether a passenger requires halal or kosher meals), and more. However,
the minimum amount required for a travel booking is a name, contact
information, and itinerary.

PNRs have been shared with the US under an agreement that was held to be
invalid by a May 2006 European Court of Justice decision. That
decision held that the data sharing agreement violated the privacy of
European air travelers, a violation of the 1995 EU directive on data
protection. The court ruled that the agreement must be renegotiated with
proper protections and legal basis or it would be annulled by September
30, 2006.

The consumer groups request that officials considering PNR sharing abide
by three criteria. First, the agreement must respect the May 2006
European Court of Justice decision that PNR sharing agreements must have
an adequate legal basis and be respectful of US and EU privacy laws.
Second, the US and EU must conduct a study comparing the effectiveness
of passenger profiling with other safety techniques. Third, the groups
held that an annual report of PNR sharing must be published.


Text of TACD letter:

     http://www.epic.org/redirect/tacd_pnr_letter.html

Wikipedia Entry on Passenger Name Records:

     http://en.wikipedia.org/wiki/Passenger_Name_Record

EPIC's page on Passenger Name Records:

     http://www.epic.org/privacy/intl/passenger_data.html


========================================================================
[4] EPIC Urges US to Stop Surveillance Tech Exports
========================================================================

In a letter addressed to the Secretary of Commerce Carlos Gutierrez,
EPIC urged the Department of Commerce to restrict the export of
high-tech surveillance equipment to China. While the US has restricted
the export of products such as tear gas, handcuffs, and shotguns to
China, the letter noted, high-tech equipment that can be used for
surveillance and censorship is freely exported to the country.

The export restrictions were put in place following the 1989 Tiananmen
Square massacre. Recent reports on human rights abuses in China have
focused on the role that US technology companies have played in the
suppression of free speech. A recent article in BusinessWeek, for
example, highlighted the fact that Oracle, Cisco, Motorola, and EMC
Corp. all sold technology products to Chinese police and security
authorities that can be used to track political dissidents, in spite of
China's "dismal" human rights record.

EPIC's letter highlighted portions of this track record indicating that
surveillance and censorship technology plays a major role in human
rights abuses. For instance, the US State Department's 2005 report on
human rights in China states, "During the year authorities monitored
telephone conversations, facsimile transmissions, e-mail, text
messaging, and Internet communications...The security services routinely
monitored and entered residences and offices to gain access to
computers, telephones, and fax machines."

The technology that allows this surveillance and tracking, said EPIC,
was often provided by companies based in the United States. Cisco, for
example, has marketed and sold its products as "strengthening police
control." In hearings conducted in February, members of the House
Subcommittee on Human Rights condemned a number of US companies for
their role in suppressing free speech and dissent in China. The company
representatives said that they were abiding by Chinese law, and asked
the US government, including the Department of Commerce, to also take a
strong stand against human rights abuses.

EPIC's letter stressed this need for leadership from the US government:
"The American democratic tradition, and its worldwide reputation of
valuing democracy and individual freedoms could be undermined by the
involvement of the US technology industry…Companies need to be presented
with a strong legislative framework in which to carry out their trade
with Chinese customers."

EPIC's Letter to Secretary Gutierrez (pdf):

     http://www.epic.org/privacy/intl/doc_china_letter.pdf

BusinessWeek Article:

     http://www.businessweek.com/magazine/content/06_38/b4001067.htm

House Human Rights Subcommittee, Hearing Notice: The Internet in China:

     http://wwwc.house.gov/international_relations/109/af021506.htm


========================================================================
[5] DC Residents Speak Up for Crime Prevention
========================================================================

Washington, DC, residents and a coalition of groups, including EPIC, the
ACLU, DC Action for Children, and Efforts for Ex-Cons, gathered Monday
night to discuss crime prevention measures. Topics included community
policing, curfews, rehabilitation of ex-offenders, and surveillance
cameras.

Johnny Barnes, Executive Director of the ACLU-National Capital Area,
welcomed the crowd and explained that the gathering was in response to
"emergency crime legislation" that the DC Council hastily enacted in
response to several high profile crimes. The emergency legislation more
than doubled the number of cameras in the district, created an earlier
curfew and expanded police access to confidential juvenile information.

Ron Hampton, Executive Director of the National Black Police Association
and a self-described "former beat cop" explained the many ways that
effective community policing helps cut crime rates. When the police have
the resources to devote to learning about the people and places in their
neighborhood beats, they are better able to help the community with
crime reduction and prevention, he said. Such community policing would
reduce the fear of crime and improve relations between the police and
citizens, he said.

Melissa Ngo, Director of EPIC's Identification and Surveillance Project,
and Jay Stanley, Public Education Director of the Technology and Liberty
Program at the ACLU, discussed the problems with surveillance cameras.

Constant surveillance, Stanley said, creates a chilling effect on free
speech when people learn that their peaceful, legal protests are being
watched and recorded. Stanley also pointed out that the cities of
Detroit, Miami, and Oakland all abandoned their camera surveillance
systems because they were ineffective in reducing crime. Studies have
also shown that it is more effective to place more officers on the
streets and improve lighting in high-crime areas than to use
surveillance cameras, he said. Ngo said the cameras are invasive and
just don't work. Furthermore, she said, funds spent on cameras could be
spent on more effective crime-fighting tools. The emergency legislation
allotted $2.3 million for the city to buy 23 cameras to add to the 19
cameras in the District, but Ngo said the $2.3 million could have been
put to better use by hiring an additional 46 police officers, at a
salary of $50,000.

After the expert presentations, there was a question and answer period
with the audience. The DC Council's Committee on Consumer and Regulatory
Affairs will hold a public hearing on PR 16-766 "Metropolitan Police
Department Closed Circuit Television Regulations Amendment Approval
Resolution of 2006" on Oct. 4, 2006 in Room 412 of the John A. Wilson
Building at 1350 Pennsylvania Ave. NW, Washington, DC.

D.C. Council Home Page:

     http://www.dccouncil.washington.dc.us/

American Civil Liberties Union-National Capital Area:

     http://www.aclu-nca.org/

National Black Police Association:

     http://www.blackpolice.org/

EPIC's Comments to the D.C. Council on the April CCTV proposal (pdf):

     http://www.epic.org/privacy/surveillance/cctvcom062906.pdf

EPIC's Video Surveillance page:

     http://www.epic.org/privacy/surveillance/


========================================================================
[6] News in Brief
========================================================================

EU Data Supervisor: Privacy, Security Not Opposed

On September 18, Peter Hustinx, the European Data Protection Supervisor,
emphasized the importance of personal privacy in ensuring national
security. "It is a misconception that protection of privacy and personal
data holds back the fight against terrorism and organised crime. . .
Good data protection actually goes hand in hand with legitimate crime
fighting because it increases the quality of data bases and at the same
time makes sure that only the right people can access them," he said. 
Hustinx stated that existing laws and legal processes allowed for law
enforcement access to important information on criminals and terrorists,
and that any new systems allowing access to personal information needed
to have adequate checks and safeguards to protect personal privacy.

Press Release from the European Data Protection Supervisor:

     http://www.epic.org/redirect/hustinx_statement.html


Social Networking Site Pays $1 Million for Privacy Violations

Xanga.com, a social networking site, agreed to pay $1 million for
violating the Children's Online Privacy Protection Act. The Federal
Trade Commission brought the action against the website after Xanga
collected, used, and disclosed information about children under the age
of 13 without first notifying parents and obtaining their consent.
Although Xanga's policies stated that users had to be over 13 to join,
it allowed users to register on the site even after they provided a
birth date indicating they were under 13 years old. The consent order
not only includes the $1 million penalty, but also requires that Xanga
delete all of the information collected on underage children.

FTC Press Release:

     http://www.ftc.gov/opa/2006/09/xanga.htm

Text of the Consent Decree (pdf):

     http://www.ftc.gov/os/caselist/0623073/xangaconsentdecree.pdf


British Protest Covert Trash-Monitoring Chips

Homeowners in Britain are protesting the recent installation of
electronic chips in their outdoor trash cans. The chips measure the
weight of trash placed in the cans and transmit that information to a
central database. British officials have said the information could be
used to fine residents who are not recycling enough. Homeowners have
been removing the monitoring chips from their cans and sending them to
city council members with angry letters. City councils are responding
with threats of fines for damaging city property.

Coverage of the Protests in the Daily Mail:

     http://www.epic.org/redirect/trash_chip_story.html


US Should Limit SSN Use, Task Force Says

The President's Identity Theft Task Force issued its interim
recommendations for combating identity theft, which the Federal Trade
Commission has called the fastest growing crime in the nation. Among the
recommendations was that the government limit government use of the
Social Security number as an identifier. Because Social Security numbers
are frequently used for authentication in the private sector, their
disclosure can easily lead to identity theft. The Task Force also
recommended that government agencies implement contingency plans in case
there is a breach of individuals' personal information. However, these
recommendations leave it to the heads of the agency to decide whether or
not to reveal the breach to those affected.

Interim Recommendations of the Task Force (pdf):

     http://www.ftc.gov/os/2006/09/060916interimrecommend.pdf

EPIC's SSN Privacy Page:

     http://www.epic.org/privacy/ssn/


States Oppose Preemption on Wireless Law

Forty-one state Attorneys General wrote to Congress, opposing provisions
of H.R. 5252, the "Advanced Telecommunications and Opportunity Reform
Act."  These provisions of the telecommunications bill would override
state laws that regulate wireless telecommunications services and voice
over Internet Protocol (VoIP) services. The attorneys general argue in
the letter that preemption of state laws would harm consumers by denying
them state protections against unfair and fraudulent trade practices by
certain telecommunications and VoIP providers. State governments have
often acted more swiftly and thoroughly to protect privacy rights, only
to have protections rolled back by federal preemption.

Letter from 41 State Attorneys General (pdf):

     http://www.naag.org/news/pdf/20060915.WirelessPreemption.pdf

EPIC's Privacy and Preemption Page:

     http://www.epic.org/privacy/preemption/


========================================================================
[7] EPIC Bookstore: "Privacy, Information, and Technology"
========================================================================

"Privacy, Information, and Technology" by Daniel J. Solove, Marc
Rotenberg, and Paul Schwartz (Aspen Publishers 2006).

http://www.powells.com/partner/24075/biblio/62-0735562458-1

"This short paperback, developed from the casebook, 'Information
Privacy Law,' contains key cases and materials focusing on privacy issues
related to information technology, databases, and cyberspace.  Topics
covered include government surveillance, privacy and access to public
records, government access to personal information, data mining,
identity theft, consumer privacy, financial privacy, and more."


================================

EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2005: An International Survey of Privacy Laws
and Developments" (EPIC 2006). Price: $60.
http://www.epic.org/bookstore/phr2005/phr2005.html

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
70 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2005 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40.
http://www.epic.org/bookstore/foia2004

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 22nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/features/epic/epic.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

Preventing and Responding to Security Breaches. Privacy Journal.
September 28-29. New York, New York. For more information:
www.aciresources.com

Identity and Identification in a Networked World. New York University. 
September 29-30, 2006. New York, New York. For more information:
http://www.easst.net/node/976

34th Research Conference on Communication, Information, and Internet
Policy. Telecommunications Policy Research Conference. September
29-October 1, 2006. Arlington, Virginia. For more information:
http://www.tprc.org/TPRC06/2006.htm

6th Annual Future of Music Policy Summit. Future of Music Coalition.
October 5-7, 2006. Montreal, Canada. For more information:
http://www.futureofmusic.org/events/summit06/

The IAPP Privacy Academy 2006. International Association of Privacy
Professionals. October 18-20, 2006. Toronto, Ontario, Canada. For more
information:
www.privacyassociation.org

International Conference on Privacy, Security, and Trust (PST 2006).
University of Ontario Institute of Technology. October 20-November 1,
2006. Markham, Ontario, Canada. For more information:
http://www.businessandit.uoit.ca/pst2006/

Internet Governance Forum (IGF) October 30-November 2, 2006. Athens,
Greece. For more information:
http://www.igfgreece2006.gr/

28th International Data Protection and Privacy Commissioners'
Conference. November 2-3, 2006. London, United Kingdom. For more
information:
http://www.privacyconference2006.co.uk/

BSR 2006 Annual Conference. Business for Social Responsibility. November
7-10, 2006. New York, New York. For more information:
http://www.bsr.org/BSRConferences/index.cfm

5th Conference on Privacy and Public Access to Court Records. Center for
Legal and Court Technology and Administrative Office of the United
States Courts. March 22-23, 2007. Williamsburg, Virginia. For more
information:
http://www.courtaccess.org/

CFP2007: Computers, Freedom, and Privacy Conference. Association for
Computing Machinery. May 2007. Montreal, Canada. For more information:
http://www.cfp2007.org

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 13.19 -------------------------